Once a member of the tech field, Robert Streeter, CIPP/E, CIPP/US,  said it became obvious he would need to transition from one gig to another. With an interest in both data and security, he found his way to becoming the Data Protection and Privacy Officer with News Corp UK. Since joining the privacy field, Streeter has served as a former member of the IAPP's European Advisory Board and is now a member of the Training Advisory Board. The Privacy Advisor caught up with Streeter to get a feel for what makes this volunteer keep at it. 

The Privacy Advisor: Has your approach to privacy changed over time?
Streeter: I wouldn’t say so. I have a broad background in business, technology and security, plus a newfound enthusiasm for data protection and privacy. It’s almost been confirmed, as I’ve moved along in my data protection career, that having a broad background really does help. I think for a privacy role or data protection officer role, it’s a real benefit to have a broad background and experience. Privacy is very much risk-based. A broader base allows you to assess risk much better, you can look at it in a multifaceted way to come up what the risks are in a much better way.

The Privacy Advisor: How do you see technology influencing your role?
Streeter: It's more trying to keep up with the technology. One of the things I find somewhat confusing, and think a lot of people do, is the advertising technology world. I advise on this and sit on a council for the Internet Advertising Bureau of the U.K., but I find the technology that they are talking about and the way they use it, really confusing. Trying to keep up to speed with that, understand it and discuss it, is really hard. I think one of the issues there is there is no consistent terminology.

The Privacy Advisor: What’s unique about working in data protection and privacy at a news org?
Streeter: It’s a pretty unique world. With a news organization [News UK publishes the Sunday Times, The Times and The Sun] what attracted me to come to news was the whole move to digital. There is so much movement that way. In the paper world, you don’t really know your readers, apart from market research, you don’t get a strong feeling as to what your readers are doing, down to the granular level. Of course, in the digital world, you can see that. One of the things we want to do with data is to make the content more relevant to the audience. If you understand who your readers are, you can actually drive your content.
The whole move to digital is a very exciting field, I think. Since we do so much data analytics and machine learning, one of the things I've done is to take quite a few courses on machine learning and on data science. I have even started my own data programing. I don’t want to become a data scientist, but to do my job, I need to understand what they’re doing. I'm looking at data science and ethics to see what can be done with the data.

The Privacy Advisor: Ahead of the GDPR, how would you describe the mood among your fellow privacy pros?
Streeter: It's pretty positive, really. We know what we need to do, roughly. We have a set time scale to do it. Now, it's working with the organization to drive the level of compliance we need ahead of the GDPR. It's frustrating at times because a lot of “experts” have suddenly materialized, and they are inexperienced, ill-informed and generally focused on the headline issues.

The GDPR isn’t some revolutionary thing that popped out of the air. It's an evolution. The U.K. had its first Data Protection Act in 1984, and we had the new act in 1998. The U.K has always been at the forefront and driven a lot on data protection. The GDPR is an evolution from where we are today, not some revolutionary scary thing. If you're compliant today, there are a few things you need to do to become compliant with the GDPR, but it shouldn’t be some scary exercise, it should be a business transformation.

One of the things it's making people do is to appreciate the value of personal data. Data they have on their customers, their workers, and for a publisher, the people who read our papers. Essentially the GDPR  has acted as a catalyst to raise the profile of data protection.  You’ve got to look at it positively, if you look at it negatively, you'll just be miserable.

The Privacy Advisor: What would you say is the top concern ahead of May?  
Streeter: Notwithstanding the “experts” and the burst of vendors offering GDPR compliance products, one of the things that is frustrating, at times, is the lack of timely good guidance from regulators. We are starting to see more guidance but we won't see key guidance before the end of this calendar year— which doesn’t give us much time ahead of may.

My concern is about the ways the guidelines have been drafted by the regulators and some their interpretations of what the GDPR requires. I can see quite a few things going to the European Court of Justice for resolution at some point early on in the life of the GDPR. I think that would create uncertainty about the regulation itself and what we have to do. It's going to be quite a busy few years. We've got May 25 when this comes into effect, but I think we have a few years after trying to figure out what all this says. There will need to be quite a few enforcements to shake it out, essentially. Plenty of things to think about over the next few years.

The Privacy Advisor: Why do you volunteer with the IAPP?
Streeter: The IAPP is the leading privacy body for privacy professionals, and I always like to support organizations that support us. I looked at how I could support the organization and saw the volunteer roles, which is why I volunteered initially on the European side. I gave it a couple of years and thought, what next? Training. As an industry we have to get more people trained in privacy and data protection and get rid of the dependency on so called “experts."

The Privacy Advisor: It seems like you are very focused on developing your knowledge around data protection and privacy. Do you have free time? 
Streeter: I make sure I have free time. I do online courses, such as Coursera and EDX, on my free time. When you're doing a day-to-day job, sometimes I just want a different type of intellectual stimulation. I've done related courses but have also done unrelated courses. I did two on the Ebola virus, warfare in the 20th  century and others. One stuck out tremendously but unfortunately it's work related — the history of the internet. Mostly, it was interesting because I’ve lived through it but that was fascinating and really engaging.

When I'm not doing that, I'm a runner and open water swimmer. In recent years, I've turned into a long distance runner. I thought I was incapable of running about 10 years ago, and then I just started. Running is quite therapeutic as well, a great time to sort your mind out.